comparison mod_auth_ldap/mod_auth_ldap.lua @ 1273:1b543060f31e

mod_auth_ldap: Cleanup, reorder and some comments
author Kim Alvefur <zash@zash.se>
date Wed, 15 Jan 2014 14:35:27 +0100
parents 3e5f8e844325
children 4b15437d6c56
1272:717a08403b26 1273:1b543060f31e
1 -- mod_auth_ldap
1 2
2 local new_sasl = require "util.sasl".new; 3 local new_sasl = require "util.sasl".new;
3 local log = require "util.logger".init("auth_ldap"); 4 local lualdap = require "lualdap";
4 5
6 -- Config options
5 local ldap_server = module:get_option_string("ldap_server", "localhost"); 7 local ldap_server = module:get_option_string("ldap_server", "localhost");
6 local ldap_rootdn = module:get_option_string("ldap_rootdn", ""); 8 local ldap_rootdn = module:get_option_string("ldap_rootdn", "");
7 local ldap_password = module:get_option_string("ldap_password", ""); 9 local ldap_password = module:get_option_string("ldap_password", "");
8 local ldap_tls = module:get_option_boolean("ldap_tls"); 10 local ldap_tls = module:get_option_boolean("ldap_tls");
9 local ldap_scope = module:get_option_string("ldap_scope", "onelevel"); 11 local ldap_scope = module:get_option_string("ldap_scope", "onelevel");
10 local ldap_filter = module:get_option_string("ldap_filter", "(uid=%s)"); 12 local ldap_filter = module:get_option_string("ldap_filter", "(uid=%s)");
11 local ldap_base = assert(module:get_option_string("ldap_base"), "ldap_base is a required option for ldap"); 13 local ldap_base = assert(module:get_option_string("ldap_base"), "ldap_base is a required option for ldap");
12 14
13 local lualdap = require "lualdap"; 15 -- Initiate connection
14 local ld = assert(lualdap.open_simple(ldap_server, ldap_rootdn, ldap_password, ldap_tls)); 16 local ld = assert(lualdap.open_simple(ldap_server, ldap_rootdn, ldap_password, ldap_tls));
15 module.unload = function() ld:close(); end 17 module.unload = function() ld:close(); end
16 18
17 local function ldap_filter_escape(s) return (s:gsub("[\\*\\(\\)\\\\%z]", function(c) return ("\\%02x"):format(c:byte()) end)); end 19 local function ldap_filter_escape(s) return (s:gsub("[\\*\\(\\)\\\\%z]", function(c) return ("\\%02x"):format(c:byte()) end)); end
18 20
25 })(); 27 })();
26 end 28 end
27 29
28 local provider = {}; 30 local provider = {};
29 31
32 function provider.create_user(username, password)
33 return nil, "Account creation not available with LDAP.";
34 end
35
36 function provider.user_exists(username)
37 return not not get_user(username);
38 end
39
40 function provider.set_password(username, password)
41 local dn, attr = get_user(username);
42 if not dn then return nil, attr end
43 if attr.userPassword == password then return true end
44 return ld:modify(dn, { '=', userPassword = password })();
45 end
30 function provider.get_password(username) 46 function provider.get_password(username)
31 local dn, attr = get_user(username); 47 local dn, attr = get_user(username);
32 if dn and attr then 48 if dn and attr then
33 return attr.userPassword; 49 return attr.userPassword;
34 end 50 end
35 end 51 end
36 52
37 function provider.test_password(username, password) 53 function provider.test_password(username, password)
38 return provider.get_password(username) == password; 54 return provider.get_password(username) == password;
39 end 55 end
40 function provider.user_exists(username)
41 return not not get_user(username);
42 end
43 function provider.set_password(username, password)
44 local dn, attr = get_user(username);
45 if not dn then return nil, attr end
46 if attr.userPassword == password then return true end
47 return ld:modify(dn, { '=', userPassword = password })();
48 end
49 function provider.create_user(username, password) return nil, "Account creation not available with LDAP."; end
50 56
51 function provider.get_sasl_handler() 57 function provider.get_sasl_handler()
52 return new_sasl(module.host, { 58 return new_sasl(module.host, {
53 plain = function(sasl, username) 59 plain = function(sasl, username)
54 local password = provider.get_password(username); 60 local password = provider.get_password(username);